Blue Screen of Sasser

Discussion in 'Computer Science & Culture' started by Slaughterist, May 17, 2004.

Thread Status:
Not open for further replies.
  1. Slaughterist Mayhem Activist Registered Senior Member

    Messages:
    75
    I got some kind of adware installed on my computer somehow. When I start Internet Explorer it causes the entire screen to turn blue and a window appears saying that the Sasser worm is on my computer and I need to scan now. It has an OK and a Cancel button. I always just close the message window which returns my computer to normal. Anyone else experience this? How do I get rid of it? I've run Ad-aware.
    I tried searching, but all I get are sites about the BSOD.
     
  3. invert_nexus Ze do caixao Valued Senior Member

    Messages:
    9,686
    Try HijackThis. There's a link in the FAQ. Also might try Spybot Search and Destroy. Link is also in the FAQ.

    There is a new worm out called Dabber. It cleans up Sasser and installs a back door. I don't think it gives you the option like you're mentioning though.
     
  5. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
  7. invert_nexus Ze do caixao Valued Senior Member

    Messages:
    9,686
    And, don't forget to update your system. Get the security updates and you won't have to worry about getting Sasser again. Why, oh why are people afraid of security updates?

    Funny thing about that picture is the one computer with the monitor turned off. Wonder if it's the only one not infected.

    By the way, Dabber exploits Sasser-infected systems.
     
  8. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Actually the reason why some people were afraid of updates was due to the first bout of Nimda way back when worms weren't commonplace. Basically all the updates got infected and people were downloading updates that were trojans. In fact this is why a few viruses now generate false e-mails claiming to be a Microsoft virus alert with an update patch attached. (I guess it's in case they ever got back in the system.)

    Microsoft attempts to keep its updates clean, although I still question why they have never moved their updates to SSL connections (to make sure you're going directly to one of their servers/caches, rather than getting it through a node).

    Keeping your OS updated is good to lower exploitation, however I would suggest (as others have too) do not update hardware drivers from Microsoft, for some reason they always seem to corrupt.
     
  9. Slaughterist Mayhem Activist Registered Senior Member

    Messages:
    75
    I don't think it's Sasser. If my computer is infected with Sasser then I don't see why it caused such a fuss. Nothing harmful happens to my computer. All it does is cause an annoying message to pop up. It doesn't look like a real BSOD because the message I get is still Windows based. Maybe I'll take a picture of it next time. It occurs each time I open IE after restarting my computer.
     
  10. Padma Spankologist Registered Senior Member

    Messages:
    205
    A couple of months ago my computer was infected by "My Doom", what a freakn' mess! There is something new that shuts down Windows, is that Sasser or Dabber? What is Dabber? I know that w/ My Doom it had the potential to create a back door for hackers to come in and steal my passwords and account numbers.

    So what does Sasser do exactly?
     
    Last edited: May 17, 2004
  11. invert_nexus Ze do caixao Valued Senior Member

    Messages:
    9,686
    Padma,

    I don't think Sasser does anything in particular. Mostly just annoys you by causing random shutdowns. There are variants though. The vulnerability that Sasser exploits allows remote code execution, so it could pretty much do anything if rewritten to do it. Dabber exploits Sasser-infected machines; it removes Sasser and installs a back door. It exploits the same vulnerability as Sasser (I think) so it also has remote code execution. Whenever you see remote code execution in the description of a virus, that means it can do anything it wants to.

    Slaughterist,

    It's quite possible that the message you see isn't all that's going on. There might be more insidious things happening in the background. Do you run an antivirus? Did you try Spybot or HijackThis? So the message is window based? Meaning it's inside a regular window? It only occurs when you open up IE for the first time after restarting? If you shut down IE and reopen it does it pop up again? Maybe you've downloaded an ActiveX control that you didn't mean to. Check Internet Options, General, Temporary Internet files, Settings, View Objects. This will show all the ActiveX controls you've downloaded. Look for anything suspicious.
     